DefaultWebSecurityManager 类主要定义了设置 SubjectDAO、获取会话模式、设置会话模式、设置会话管理器、判断是否为 HTTP 会话模式等操作。它继承了 DefaultSecurityManager 类,并实现了 WebSecurityManager 接口。
/**
 * Security manager contract for web applications: a {@code SecurityManager}
 * that can additionally report which kind of session handling is in effect.
 */
public interface WebSecurityManager extends SecurityManager {
/**
 * Reports whether sessions are handled in "HTTP session mode".
 *
 * <p>In the {@code DefaultWebSecurityManager} implementation shown on this page
 * this is {@code true} only when the configured session manager is a
 * {@code WebSessionManager} whose {@code isServletContainerSessions()} returns
 * {@code true}.
 *
 * <p>NOTE(review): presumably, when this returns {@code true}, session lifetime
 * and session-cookie attributes are governed by the servlet container's
 * configuration rather than by this framework - confirm for the deployment.
 *
 * @return {@code true} if HTTP session mode is active, {@code false} otherwise
 */
boolean isHttpSessionMode();
}
WebSecurityManager 接口中只有一个方法 isHttpSessionMode(),用于判断当前是否为 HTTP 会话模式。
可参考 DefaultSecurityManager 类的源码解析,其中主要定义了登录、创建 Subject、登出等操作。下面是 DefaultWebSecurityManager 类的成员与方法(类声明未列出):
/**
 * Session-mode name "http"; one of the two values accepted by
 * {@code setSessionMode(String)}. Deprecated together with the
 * {@code sessionMode} property.
 */
@Deprecated
public static final String HTTP_SESSION_MODE = "http";
/**
 * Session-mode name "native"; the other value accepted by
 * {@code setSessionMode(String)}. Deprecated together with the
 * {@code sessionMode} property.
 */
@Deprecated
public static final String NATIVE_SESSION_MODE = "native";
// Current session-mode name. The no-arg constructor assigns "http",
// setSessionMode(String) stores the lower-cased mode, and
// setSessionManager(SessionManager) resets it to null, so callers of
// getSessionMode() must be prepared for null.
@Deprecated
private String sessionMode;
/**
 * Creates a web security manager wired with the web-specific defaults:
 * a {@code DefaultWebSessionStorageEvaluator}, a {@code DefaultWebSubjectFactory},
 * a {@code CookieRememberMeManager} and a {@code ServletContainerSessionManager}.
 *
 * <p>The inherited {@code subjectDAO} is cast to {@code DefaultSubjectDAO}
 * without a type check, so this constructor relies on the superclass having
 * installed that implementation.
 *
 * <p>NOTE(review): the remember-me manager is installed with its own defaults;
 * nothing here configures its cipher key or cookie attributes. Deployments
 * should confirm these are set explicitly (or replace the manager) before
 * relying on remember-me.
 */
public DefaultWebSecurityManager() {
    DefaultSubjectDAO defaultDao = (DefaultSubjectDAO) this.subjectDAO;
    defaultDao.setSessionStorageEvaluator(new DefaultWebSessionStorageEvaluator());

    // Assigned before the setters run. setSessionManager(...) as listed on this
    // page resets sessionMode to null, so this value does not survive the last
    // call below unless a subclass overrides that setter.
    this.sessionMode = "http";

    setSubjectFactory(new DefaultWebSubjectFactory());
    setRememberMeManager(new CookieRememberMeManager());
    setSessionManager(new ServletContainerSessionManager());
}
/**
 * Creates a manager with the web defaults of the no-arg constructor and
 * registers a single realm.
 *
 * @param singleRealm the realm handed to {@code setRealm}
 */
public DefaultWebSecurityManager(Realm singleRealm) {
    this();
    // Defaults first, realm second: the realm setter runs on a fully wired manager.
    setRealm(singleRealm);
}
/**
 * Creates a manager with the web defaults of the no-arg constructor and
 * registers several realms.
 *
 * @param realms the realms handed to {@code setRealms}
 */
public DefaultWebSecurityManager(Collection<Realm> realms) {
    this();
    // Defaults first, realms second: the realm setter runs on a fully wired manager.
    setRealms(realms);
}
/**
 * Supplies the subject context used by this manager: always a fresh
 * {@code DefaultWebSubjectContext}.
 *
 * @return a new, empty web subject context
 */
protected SubjectContext createSubjectContext() {
    SubjectContext webContext = new DefaultWebSubjectContext();
    return webContext;
}
/**
 * Installs the subject DAO and then re-links the session manager to the
 * DAO's session storage evaluator.
 *
 * @param subjectDAO the DAO passed on to the superclass setter
 */
public void setSubjectDAO(SubjectDAO subjectDAO) {
    super.setSubjectDAO(subjectDAO);
    // The evaluator hangs off the DAO, so a replaced DAO has to be given the
    // current session manager again.
    applySessionManagerToSessionStorageEvaluatorIfPossible();
}
/**
 * Runs the superclass hook and then pushes the session manager into the
 * session storage evaluator.
 *
 * <p>NOTE(review): presumably invoked by the superclass whenever a session
 * manager is installed - confirm against {@code DefaultSecurityManager}.
 */
protected void afterSessionManagerSet() {
    super.afterSessionManagerSet();
    // Keep the evaluator's view of the session manager in step with this manager.
    applySessionManagerToSessionStorageEvaluatorIfPossible();
}
/**
 * Hands the current session manager to the session storage evaluator, but
 * only when the default implementations are in use: the subject DAO must be
 * a {@code DefaultSubjectDAO} and its evaluator a
 * {@code DefaultWebSessionStorageEvaluator}. With any other DAO or evaluator
 * this method does nothing.
 */
private void applySessionManagerToSessionStorageEvaluatorIfPossible() {
    SubjectDAO dao = this.getSubjectDAO();
    if (!(dao instanceof DefaultSubjectDAO)) {
        // Custom DAO: no known way to reach its evaluator.
        return;
    }

    SessionStorageEvaluator storageEvaluator = ((DefaultSubjectDAO) dao).getSessionStorageEvaluator();
    if (!(storageEvaluator instanceof DefaultWebSessionStorageEvaluator)) {
        // Custom evaluator: it has no session-manager setter we know of.
        return;
    }

    ((DefaultWebSessionStorageEvaluator) storageEvaluator).setSessionManager(this.getSessionManager());
}
/**
 * Copies a subject context, keeping it a web context when the input is one.
 *
 * @param subjectContext the context to copy
 * @return a {@code DefaultWebSubjectContext} built from the input when it is a
 *         {@code WebSubjectContext}; otherwise whatever the superclass copy returns
 */
protected SubjectContext copy(SubjectContext subjectContext) {
    if (subjectContext instanceof WebSubjectContext) {
        WebSubjectContext webSource = (WebSubjectContext) subjectContext;
        return new DefaultWebSubjectContext(webSource);
    }
    return super.copy(subjectContext);
}
/**
 * Returns the stored session-mode name.
 *
 * @return the value of the {@code sessionMode} field; this is {@code null}
 *         once {@code setSessionManager} has been called, because that setter
 *         clears the field
 */
public String getSessionMode() {
    final String currentMode = this.sessionMode;
    return currentMode;
}
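/**
 * Switches the session mode by name and, if the mode actually changes,
 * replaces the session manager with one created for the new mode.
 *
 * <p>A deprecation warning is logged on every call; the message advises
 * configuring a {@code WebSessionManager} instance instead of this property.
 *
 * @param sessionMode {@code "http"} or {@code "native"}, compared
 *                    case-insensitively
 * @throws IllegalArgumentException if {@code sessionMode} is {@code null} or
 *                                  is neither of the two allowed values
 */
public void setSessionMode(String sessionMode) {
    log.warn("The 'sessionMode' property has been deprecated. Please configure an appropriate WebSessionManager instance instead of using this property. This property/method will be removed in a later version.");
    if (sessionMode == null) {
        throw new IllegalArgumentException("sessionMode argument cannot be null.");
    }

    // Lower-case with Locale.ROOT rather than the JVM default locale: under a
    // Turkish default locale "NATIVE" lower-cases to a dotless-i form and the
    // valid mode would be rejected below.
    String mode = sessionMode.toLowerCase(java.util.Locale.ROOT);
    if (!"http".equals(mode) && !"native".equals(mode)) {
        String msg = "Invalid sessionMode [" + sessionMode + "]. Allowed values are " + "public static final String constants in the " + this.getClass().getName() + " class: '" + "http" + "' or '" + "native" + "', with '" + "http" + "' being the default.";
        throw new IllegalArgumentException(msg);
    }

    // A null stored mode means a session manager was set directly, so the
    // manager is always rebuilt in that case.
    boolean recreate = this.sessionMode == null || !this.sessionMode.equals(mode);
    this.sessionMode = mode;
    if (recreate) {
        // Tear down the outgoing manager before installing its replacement.
        // NOTE(review): what happens to sessions held by the old manager is not
        // visible here - confirm before switching modes on a live system.
        LifecycleUtils.destroy(this.getSessionManager());
        SessionManager sessionManager = this.createSessionManager(mode);
        // The internal setter is used so that the mode stored above is kept;
        // the public setSessionManager would reset it to null.
        this.setInternalSessionManager(sessionManager);
    }
}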
/**
 * Installs a session manager directly and clears the deprecated session-mode
 * name.
 *
 * <p>A non-null manager that does not implement {@code WebSessionManager} is
 * still accepted; it only produces a warning in the log (when warn logging is
 * enabled). Operators should treat that warning as a misconfiguration signal.
 *
 * @param sessionManager the manager to install; {@code null} is passed
 *                       through to the superclass setter without a warning
 */
public void setSessionManager(SessionManager sessionManager) {
    // An explicitly supplied manager supersedes whatever mode name was stored.
    this.sessionMode = null;

    boolean notWebAware = sessionManager != null && !(sessionManager instanceof WebSessionManager);
    if (notWebAware && log.isWarnEnabled()) {
        String warning = "The " + this.getClass().getName()
                + " implementation expects SessionManager instances "
                + "that implement the " + WebSessionManager.class.getName()
                + " interface. The "
                + "configured instance is of type [" + sessionManager.getClass().getName()
                + "] which does not "
                + "implement this interface.. This may cause unexpected behavior.";
        log.warn(warning);
    }

    setInternalSessionManager(sessionManager);
}
/**
 * Passes the session manager straight to the superclass setter, without the
 * mode reset and type warning performed by the public
 * {@code setSessionManager} of this class.
 *
 * @param sessionManager the manager to install
 */
private void setInternalSessionManager(SessionManager sessionManager) {
    // Deliberately bypasses this class's override.
    super.setSessionManager(sessionManager);
}
/**
 * Reports whether sessions are servlet-container sessions.
 *
 * <p>The answer is derived from the installed session manager, not from the
 * deprecated {@code sessionMode} string.
 *
 * @return {@code true} only if the session manager is a
 *         {@code WebSessionManager} and its
 *         {@code isServletContainerSessions()} returns {@code true}
 */
public boolean isHttpSessionMode() {
    SessionManager current = this.getSessionManager();
    if (!(current instanceof WebSessionManager)) {
        // Covers null as well as non-web session managers.
        return false;
    }
    return ((WebSessionManager) current).isServletContainerSessions();
}
/**
 * Builds the session context for a subject context, adding the servlet
 * request/response pair when the subject context is a web one.
 *
 * @param subjectContext the subject context the session is created for
 * @return the superclass-built context for non-web subject contexts;
 *         otherwise a {@code DefaultWebSessionContext} constructed from it,
 *         with the resolved request and response set when they are non-null
 */
protected SessionContext createSessionContext(SubjectContext subjectContext) {
    SessionContext baseContext = super.createSessionContext(subjectContext);
    if (!(subjectContext instanceof WebSubjectContext)) {
        return baseContext;
    }

    WebSubjectContext webSubjectContext = (WebSubjectContext) subjectContext;
    ServletRequest servletRequest = webSubjectContext.resolveServletRequest();
    ServletResponse servletResponse = webSubjectContext.resolveServletResponse();

    // The base context is cast to Map to feed the web context's constructor;
    // this relies on the superclass returning a Map-backed implementation.
    DefaultWebSessionContext webContext = new DefaultWebSessionContext((Map) baseContext);
    if (servletRequest != null) {
        webContext.setServletRequest(servletRequest);
    }
    if (servletResponse != null) {
        webContext.setServletResponse(servletResponse);
    }
    return webContext;
}
/**
 * Derives the key used to look up the session for a subject context.
 *
 * @param context the subject context being resolved
 * @return a {@code WebSessionKey} carrying the context's session id together
 *         with its servlet request and response when {@code WebUtils.isWeb}
 *         accepts the context; otherwise the superclass result
 */
protected SessionKey getSessionKey(SubjectContext context) {
    if (!WebUtils.isWeb(context)) {
        return super.getSessionKey(context);
    }

    Serializable id = context.getSessionId();
    ServletRequest servletRequest = WebUtils.getRequest(context);
    ServletResponse servletResponse = WebUtils.getResponse(context);
    // NOTE(review): id may be null here; presumably the web session manager
    // then resolves the session from the request itself - confirm.
    return new WebSessionKey(id, servletRequest, servletResponse);
}
/**
 * Logout hook: runs the superclass step, then flags the current request so
 * that the identity is treated as removed.
 *
 * @param subject the subject that is logging out
 */
protected void beforeLogout(Subject subject) {
    super.beforeLogout(subject);
    // Request-level marker on top of whatever the superclass clears.
    removeRequestIdentity(subject);
}
/**
 * Marks the subject's servlet request with
 * {@code ShiroHttpServletRequest.IDENTITY_REMOVED_KEY = Boolean.TRUE}.
 *
 * <p>Nothing happens for a subject that is not a {@code WebSubject} or whose
 * request is {@code null}.
 *
 * <p>NOTE(review): presumably the request wrapper checks this attribute so
 * that the identity is no longer reported for the remainder of the request
 * after logout - confirm against {@code ShiroHttpServletRequest}.
 *
 * @param subject the subject being logged out
 */
protected void removeRequestIdentity(Subject subject) {
    if (!(subject instanceof WebSubject)) {
        return;
    }

    ServletRequest servletRequest = ((WebSubject) subject).getServletRequest();
    if (servletRequest == null) {
        return;
    }
    servletRequest.setAttribute(ShiroHttpServletRequest.IDENTITY_REMOVED_KEY, Boolean.TRUE);
}
原文链接 : https://blog.csdn.net/weixin_43296313/article/details/120826986